- 3 minutes to read
- 3 minutes to read
Inside senhasegura, when a user tries to make use of a credential for a session or view password, senhasegura checks which access group in which the user is related to the credential has the most restrictive rule.
These rules can be set in the access group creation.
senhasegura will record access in all compliant audit reports and forward to SIEM the messages of the actions taken.
Access through justification
A registration screen will be presented if the requesting user needs to record the reason for using the inside information. And only after sending the justification will it be possible to use it.
The requesting user can list their requests through the PAM Core ➔ Access control ➔ My requests menu.
Access through approval
If the requesting user needs approval to perform the same task, the justification screen is presented with the addition of fields for the period. This period is the time interval that the requester needs to use the credential.
After this time, the credential will be available for automatic password change. And if the approval is for a proxy session, the requester will be immediately disconnected.
The user will be given the following confirmation screen when forwarding the approval request.
After the request is approved, the requesting user receives an e-mail informing him of the access release.
If the user is a member of an access group with a level approval model, the 1st level approver will receive the email first, after his approval the other approvers will receive the email according to the hierarchy and number of levels defined in the access group configuration.
If the inbox is configured in senhasegura, approvers can reply to the email with the words APPROVE or DISAPPROVE to affect their response. Or he can click on the link described in the email.
The system can be done at the PAM Core ➔ Access control ➔ My approvals menu. Record actions allow you to approve, disapprove and see the detail of the request.
At the time of approval, the approver may change the date and time interval.
All the requests and the justified accesses can be seen in the report Access control ➔ Requests.
- Approved: The request was accepted, releasing access.
- Canceled: The request was canceled by the user who created it.
- Revoked: After the request has been accepted, it can be revoked, removing access.
- Pending: At the moment, the request is created and is awaiting approval.
- Disapproved: The request was not accepted.
Whenever an approver revokes a session, if there is more than one approver, the others don't need to revoke it. To access revocation requests, go to PAM Core ➔ Requests.
After the request is revoked, the user will no longer have access to the session or the credential password, being disconnected from the session. When trying to reaccess it, he will be forwarded to a new access justification screen.
The emergency access
There is a case in which the requester can skip the approval process if there is a need for immediate emergency use of the credential. We call it emergency access.
When the access group allows the requester to use this feature, the requester will be presented with the emergency access screen right after sending the access request.
As soon as the requester confirms emergency access, senhasegura will send all approvers the information that the requester had access to in advance.
The access request will be marked with emergency use.
View session videos
To activate approval for viewing session videos in the senhasegura system, go to Settings ➔ System parameters ➔ Remote session the option Enable approval flow for session videos?* must be marked as Yes as in the image below:
Video approval workflow reports
In PAM Core ➔ Access Control, you have the following options:
- My Session Video Requests: Lists all requests made by the user on the screen, displays the history of requests for approvals of video views of user sessions in the system, pending, approved, and disapproved;
My Session Video Approvals: Lists all approval requests for viewing session videos in the system;
Session Video Requests: Shows the history of requests to view session videos in the vault and view all previously approved or
The user cannot approve the request itself.
Justification for seeing a remote session
To add an approver, you must go to Settings ➔ System Parameters ➔ Approvers, select the PAM Core module, and add an approver.
Users needing approval to view session videos must fill in a justification. The request will be sent to an approver.
To view operations such as approvals and disapprovals, access: Reports ➔ Audit Events ➔ tracking:
Approval of viewing the session videos: registration of approval by the approving user;
Disapproval of viewing the session videos: record of disapproval by the approving user.